Denial Of Service (DoS)

2023-10-2506:39:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

dos

vulnerability

base-server.ts

cache-control

content delivery network

cdn

application crash

repetitive requests

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

next is vulnerable to Denial Of Service (DoS). The vulnerability exists because the base-server.ts does not include a cache-control header. Consequently, empty prefetch responses might be cached by a Content Delivery Network (CDN). This creates an opportunity for an attacker to potentially crash the application by repeatedly requesting the same URL via that CDN.